[dns-wg] Re: [dnssec-deployment] Ny nyckelsigneringsnyckel (KSK) för .SE - New key signing key (KSK) for .SE
- Previous message (by thread): [dns-wg] Re: [dnssec-deployment] Ny nyckelsigneringsnyckel (KSK) för .SE - New key signing key (KSK) for .SE
- Next message (by thread): [dns-wg] RE: [dnssec-deployment] Ny nyckelsigneringsnyckel (KSK) för .SE - New key signing key (KSK) for .SE
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Holger Zuleger
Holger.Zuleger at hznet.de
Fri Jan 4 10:11:28 CET 2008
Patrik Wallstrom wrote: > On Thu, 03 Jan 2008, Holger Zuleger wrote: > >>> New key signing key (KSK) for .SE >>> As from today, 2008-01-03 .SE publish and take into use a new KSK for >>> signing the .SE zone file. The key published with start 2006 with key >>> id = 17686 is unvalid since 2008-01-01 and will be removed >>> 2008-02-01. You should have configured the key published with start >> Would it be possible to set the REVOKE Bit on that key, and announce it for >> another 30 days? > > There was no time to fix this for this rollover. Next time. Oh, sure, it's clear that no one want's to add a new functionality on a productive service without testing, even if it is just to set one bit. But I thought that it was a good time to bring rfc5011 in mind... >> Doing so enables a rfc5011 aware validator to discard the key automatically >> from the list of possible trust anchor. > > Which resolvers honors the revocation bit? To my knowledge, no swedish > resolver operators are using such software yet. I think you are right. I guess that actually no one use it. Small question to all the dnssec operators: Please raise your hand if I'm wrong. ;-) And to the bind guys: Honors bind, used as an dnssec validator, the revoke bit? Holger -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4870 bytes Desc: S/MIME Cryptographic Signature URL: <https://lists.ripe.net/ripe/mail/archives/dns-wg/attachments/20080104/3d7f2624/attachment.bin>
- Previous message (by thread): [dns-wg] Re: [dnssec-deployment] Ny nyckelsigneringsnyckel (KSK) för .SE - New key signing key (KSK) for .SE
- Next message (by thread): [dns-wg] RE: [dnssec-deployment] Ny nyckelsigneringsnyckel (KSK) för .SE - New key signing key (KSK) for .SE
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]